users@glassfish.java.net

Re: Load balancer not changing protocol to https on https redirect

From: Kshitiz Saxena <Kshitiz.Saxena_at_Sun.COM>
Date: Tue, 01 Dec 2009 13:14:23 +0530

Hi All,

Jan suggested to set "redirect-port" attribute for http-listener level
to front-end port. Then in case of redirection port-number specified as
"redirect-port" attribute will be used. This will resolve below
mentioned issue completely.

Thanks,
Kshitiz

Kshitiz Saxena wrote:
> Hi Jan,
>
> I did some further deep digging into this query. In this scenario,
> RealmAdapter sends a redirect due to security constraint. So a
> redirect 302 response is created. Since request is coming through
> web-server acting as LB, so request "Host" header has web-server
> address and port. Same is reflected in redirect url created. There is
> a huge mismatch as web-server host name with application server
> instance ssl port is used in combination.
>
> For example :
> Web-server is running on ws.abc.com, ports 48080, 48443
> While Application-server instance on as.abc.com, ports 18080, 18181
> Then redirect url is https://ws.abc.com:18181.
>
> This will not work in any case.
>
> Thanks,
> Kshitiz
>
> Jan Luehe wrote:
>> On 10/26/09 03:51, Kshitiz Saxena wrote:
>>> Hi,
>>>
>>> Have you set both authPassthroughEnabled and proxyHandler? If not,
>>> then please set them to "true" and
>>> "com.sun.enterprise.web.ProxyHandlerImpl" respectively at
>>> http-service or http-listener level.
>>
>> Minor comment: Setting "authPassthroughEnabled" to "true" should be
>> sufficient,
>> in which case "com.sun.enterprise.web.ProxyHandlerImpl", which is the
>> default
>> ProxyHandler implementation, will be picked up.
>>
>>
>> Jan
>>
>>
>>>
>>> Thanks,
>>> Kshitiz
>>>
>>> JSolanu wrote:
>>>> I'm attempting to configure the load balancer plug in for apache,
>>>> it seems to
>>>> be working for http traffic but if I goto a page that required
>>>> HTTPS the
>>>> port changes to 443 but the protocol remains HTTP. I found some
>>>> information at the following site which seems to indicate that if
>>>> authPassthroughEnabled is true on the HTTP Service and
>>>> rewrite-location
>>>> is true on the load balancer configuration it should be changing the
>>>> protocol from HTTP to HTTPS but it doesn't seem to be working. The
>>>> redirect
>>>> port on http-listener-1 is set to 443, HTTPS Routing is set to
>>>> false in the
>>>> load balancer configuration.
>>>>
>>>> http://docs.sun.com/app/docs/doc/820-4341/abdgs?a=view
>>>>
>>>>
>>>> Anyone have any ideas on what I might be missing to allow the 443
>>>> redirect
>>>> to also change the protocol? The build options and loadbalancer.xml
>>>> configuration I'm using are below.
>>>>
>>>> Using aslb-9.1.1-b13.jar Installed with instructions on
>>>> http://blogs.sun.com/kshitiz/entry/load_balancer_plugin_in_glassfish
>>>> Apache 2.2
>>>> export CFLAGS=-m32
>>>> export CPPFLAGS=-m32
>>>> ./configure --with-ssl=/apps/openssl-0.9.8k --prefix=/apps/apache
>>>> --enable-ssl -enable-so --enable-rewrite --enable-proxy
>>>> --enable-proxy-balancer --enable-proxy-ajp --enable-rewrite
>>>> --enable-proxy-http --enable-http --enable-dav --enable-headers
>>>> --enable-mods-shared=all --with-included-apr
>>>> Glassfish v2.1
>>>> Installed to /apps/glassfish
>>>> Openssl 0.9.8k
>>>> ./Configure linux-elf -m32 --openssldir=/apps/openssl-0.9.8k shared
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> <?xml version="1.0" encoding="UTF-8"?>
>>>> <!DOCTYPE loadbalancer PUBLIC "-//Sun Microsystems Inc.//DTD Sun
>>>> Java System
>>>> Application Server 9.1//EN" "sun-loadbalancer_1_2.dtd">
>>>> <loadbalancer>
>>>> <cluster name="MyAppCluster" policy="round-robin">
>>>> <instance disable-timeout-in-minutes="30" enabled="true"
>>>> listeners="http://my.domain.com:11010 https://my.domain.com:11011"
>>>> name="app01" weight="100"/>
>>>> <instance disable-timeout-in-minutes="30" enabled="true"
>>>> listeners="http://my.domain.com:11020 https://my.domain.com:11021"
>>>> name="app02" weight="100"/>
>>>> <web-module context-root="/app" disable-timeout-in-minutes="30"
>>>> enabled="true"/>
>>>> <health-checker interval-in-seconds="30" timeout-in-seconds="10"
>>>> url="/"/>
>>>> </cluster>
>>>> <property name="response-timeout-in-seconds" value="60"/>
>>>> <property name="reload-poll-interval-in-seconds" value="60"/>
>>>> <property name="https-routing" value="false"/>
>>>> <property name="require-monitor-data" value="true"/>
>>>> <property name="active-healthcheck-enabled" value="false"/>
>>>> <property name="number-healthcheck-retries" value="3"/>
>>>> <property name="rewrite-location" value="true"/>
>>>> </loadbalancer>
>>>> <!--
>>>> This file was generated on: [Sun Oct 25 20:13:40 GMT+00:00 2009].
>>>> Debugging Tips:
>>>> By default, instances and web-modules are not enabled. Please
>>>> enable them
>>>> manually if you have not done that using asadmin.
>>>> -->
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>